BERNE (ZAP) -- In a bold move to demonstrate that the Swiss government is as
serious about privacy for its citizens as it has historically been regarding
the protection of illicit foreign assets in Swiss bank accounts, the head of
the newly created Switzerland Federal Department of Facial Anonymity,
Nicolas J. Biellmann, today issued a preliminary order requiring that all
Swiss citizens wear "full head coverage" masks at all times when outside
their homes or places of business within the borders of Switzerland.

This groundbreaking move, being enthusiastically supported by radical
pro-privacy groups in Switzerland and around the world, comes on the heels
of previous Swiss orders that search giant Google must obscure every single
human face -- even if this must be done manually -- that appears in their
"Street View" images, or else potentially terminate Street View services for
Switzerland ( http://j.mp/gj2V68 [Lauren's Blog] ).

"Upon due reflection," said Biellmann, "we realized that Google Street View
was only the tip of the iceberg. After all, Street View imagery is usually
only updated after months or even years. But there are lots of other people
out there taking photos of Swiss faces every day -- whom we must protect our
citizens against as well."

The "mask order" comes in conjunction with other new regulations banning
tourists in Switzerland from posting to the Internet any photos of Swiss
citizens, even taken in public places and gatherings. Under this new law,
any such photos that are subsequently posted to the Web, will bring about
swift action by Swiss authorities. This may involve Web site shutdown
orders, extradition of the tourist photographers back to Switzerland if they
have already left the country, and in extreme cases the so-called Swiss
"doomsday" option -- the remote and permanent shutdown of any and all cuckoo
clocks associated with the photos' perpetrators.

At a press conference in downtown Berne today, reporters were provided with
examples of the government-approved masks that would be required under the
new order [editors, see photo DS0393-A3 - http://j.mp/fUrVNf (Lauren's
Blog)]. Officials noted that approved masks would be available in a wide
range of styles, and would include characteristics of popular Swiss folk
heroes, characters from major films, and even a wide range of cute animals.

In answer to a reporter's question, Biellmann explained that approved masks
would be constructed from special materials that are essentially transparent
to government real-time surveillance closed-circuit television (CCTV)
cameras. "We want to assure everyone that the government will still be able
to track your every move via our CCTV systems. Our goal here is simply to
make sure that firms like Google, and individual tourists, are blocked from
citizen photography. You can be confident that law enforcement and other
aspects of the government will have full access to your actual faces at all
times, everywhere you go in public. Your ugliness will not be seen by
anyone else," said Biellmann.

After a brief comment period, the new masking and anti-tourist photography
regulations are expected to become law on April 1, 2011.

Update (February 25, 2011): Yes, except for the part about Switzerland
demanding that Google obscure every single Swiss face in Street View -- even
if it has to be done manually -- the rest of the story described in this
posting is of course a satire. But you already knew that.

Some time in January, the IEEE apparently quietly revised its copyright
policy to explicitly forbid us authors from sharing the "final" versions
of our papers on the web, now reserving that privilege to themselves
(available to all comers, for the right price).

http://www.crypto.com/blog/copywrongs

[This item by Matt is very important for you all to read. I am inclined
to openly include Matt's entire text here, but it is even more important
for RISKS readers to go to the source and see how this item fits in to the
rest of what Matt has available. Organizations such as ACM and IEEE are
clearly having difficulties adapting to the non-print world of the
Internet. But preventing authors who believe in the importance of
openness in research from distributing their own publications is a
horrendous step backwards. PGN]

I've been skeptical about the whole concept of cloud computing since I first
heard about it. You're taking your most important stuff -- your data and
applications -- and placing it out of your control in the cloud. How many
more incidents like this will it take to completely discredit cloud
computing? When will cloud computing have its Hindenburg disaster?

A number of people have asked me about this incident, especially the "how
could multiple copies of data be damaged/lost?" question.

While I wouldn't assert that this example is strictly relevant in this
particular case, RAID may provide a useful example.

I've been warning folks for years that even the higher levels of RAID
(Redundant Array of Independent Disks) protection do not necessarily
mean that data won't be lost, especially when those disks all share
a single controller.

If the controller in such a situation fails in a particularly nasty
way, it could potentially corrupt enough of the data across the entire
array of RAID disks to cause unrecoverable data loss.

Even when your redundant data is stored at different locations, it is
possible for failure (in this case, likely a software-related problem) to
cause data loss or corruption that may not be detected until it has been
copied across to other replicated versions of the files. Even if you kept
multiple copies of an e-mail index, it's possible to have failure modes
where problems in one copy spread to the other copies prior to detection.

And for those of you attempting to use this case as an argument against
cloud computing, I would simply note that only a relatively small number of
Google's users were affected, it appears that their data will be
successfully recovered, and when most people's home or business PC disks
fail, they probably haven't been backed up at all. Technical term for that:
S.O.L.

It appears there is a new backdoor Trojan in town and it targets users of
Mac OS X. As even the malware itself admits, it is not yet finished, but it
could be indicative of more underground programmers taking note of Apple's
increasing market share.

SophosLabs analyzed the sample we received and determined that it is a
variant of a well-known Remote Access Trojan (RAT) for Windows known as
darkComet. The author of the Trojan refers to it as the 'BlackHole RAT', as
you can see from the screenshots, but Sophos calls it OSX/MusMinim-A, or
'MusMinim' for short.

The name 'Black Hole' is already used by a legitimate application which
actually aims to increase security on your Mac by helping you get rid of
potentially sensitive information such as recently-used file lists, data
left in the clipboard, and more.

MusMinim is very basic and there appears to be a mix of German and English
in the user interface. Its functions include:

* Placing text files on the desktop
* Sending a restart, shutdown or sleep command
* Running arbitrary shell commands
* Placing a full screen window with a message that only allows you to
click reboot
* Sending URLs to the client to open a website
* Popping up a fake "Administrator Password" window to phish the target...

"... What's more, some health-care experts say the number of errors could
jump in coming years. That's because the 2009 economic-stimulus legislation
included $19 billion in spending to encourage the use of electronic health
records—a major source of billing mistakes, says Ross Koppel, a sociology
professor at University of Pennsylvania's Center for Clinical Epidemiology
and Biostatistics who has studied electronic records extensively. The
U.S. Department of Health and Human Services estimates that 80% of hospitals
will use electronic records by 2014, up from 16% now.

... But those bills are sometimes inaccurate—often as a result of
electronic billing snafus. Among their benefits, electronic records can
reduce the risk of duplicate testing by enabling doctors to track patients'
care. David Blumenthal, national coordinator for electronic health records
at the U.S. Department of Health and Human Services, says the technology
helps prevent potentially fatal errors such as prescribing medication that a
patient is allergic to. Electronic health records will "improve care for
patients and bring about greater cost-effectiveness in our health sector,"
he says...."

Assembly Speaker Sheldon Silver's former adviser wrote the state law that
may have cost him his powerful, veto-proof, Democratic supermajority.
Democrat Frank Skartados was forced to concede the seat for the 100th
Assembly District last week when he was a mere 15 votes behind. In his
heart of hearts, he believes he won.

But in a double whammy of irony, Skartados was seemingly doomed by a vague
election law that was crafted by his own lawyer, Kathleen O'Keefe, while she
worked as Silver's chief election counsel. O'Keefe's strict interpretation
of her own law walled off one of Skartados' last hopes of fighting for the
seat. "I couldn't do anything with the way the law was written," said
Skartados, who conceded to Republican Tom Kirwan after one of the most
drawn-out contests in state history. "But I feel that justice was not served
because the voices of everyone were silenced by the courts."

A Brooklyn appeals court ruled unanimously in favor of Kirwan when it tossed
out about 60 contested affidavit ballots. That left Skartados just 15 votes
behind. In New York City, Board of Elections rules automatically require a
hand inspection of the paper trail from voting machines in any election
where the margin is 0.5% or less. State election law doesn't - and in races
as close as the one for this Hudson Valley seat, it could make all the
difference. "New York law offers very little guidance as to when a full
recount is required," elections law expert Jerry Goldfeder said. "The law
needs to be clarified."

Flash-based solid-state drives nearly impossible to erase
Think you got rid of that confidential information on your SSD?
The results of a new study will come as a rude awakening

selected text:

Researchers from the University of California at San Diego delivered a paper
at the FAST-11 Conference in San Jose, Calif., last week that shows it's
almost impossible to reliably erase data from a solid state drive.

The tome, "Reliably Erasing Data from Flash-Based Solid State Drives" (PDF),
goes through all of the known techniques for erasing data and comes up short
in every case. The study's method is straightforward: They put repeating
data on an SSD or USB drive, tried using various erasing techniques, took
the SSD or USB drive apart, and pulled raw data off the chips. If any of the
original data remained, erasing didn't work.

The culprit? SSD's so-called Flash Translation Layer, a firmware interface
that makes an SSD appear to the PC like a big fat, uh, FAT device. Operating
systems want to work with file allocation tables and clusters. SSDs have to
deal with the vagaries of Flash media, which are quite different from
rotating magnetic layers. For example, SSD blocks have to be erased before
they can be written, and erasing takes a lot of time. FTL figures out how to
erase unused blocks of memory when the SSD isn't doing anything else. SSD
devices wear out faster if the same blocks are written and rewritten, so FTL
balances the write load across all of the available memory.

You might imagine with all of these delayed erases running around and blocks
of data being intentionally scattered to remote corners, there's some
potential for error. Ends up, there's more than just a potential.

Perhaps some day we'll see the recommendations applied to an SSD
device. In the meantime, the only sure way to erase the data on an SSD or
USB drive requires a very large hammer.

- - -

[PGN adds: Lauren Weinstein commented in his various distributions on
this quote:

"Our results show that naively applying techniques designed for
sanitizing hard drives on SSDs, such as overwriting and using
built-in secure erase commands is unreliable and sometimes
results in all the data remaining intact. Furthermore, our
results also show that sanitizing single files on an SSD is much
more difficult than on a traditional hard drive."

With the rise of SSD memory as a replacement for traditional hard disks,
the security and privacy aspects of this situation seem quite noteworthy,
to say the least. You can bet that those parties (legit or not) who wish
to extract data from laptops, iPads, smartphones, or other SSD-based
devices will already be ahead of the curve. Ya' think you really deleted
that cleartext before sending out the encrypted version? You sure you
actually deleted that company confidential material (or that porn!) before
you head back through U.S. Customs? Lauren]
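
An added illustration of the Flash Translation Layer behaviour described in the excerpt above (not part of the digest, the article, or the UCSD paper): a constructed toy FTL showing why overwriting every logical block can still leave the old data on the raw flash. The class, the geometry (8 logical pages mapped onto 16 physical pages) and all function names are assumptions made for this example.

```python
from collections import deque

PAGES_PER_BLOCK = 4  # flash is programmed per page but erased per block

class ToyFTL:  # constructed toy model, not any vendor's firmware
    def __init__(self, logical_pages, physical_blocks):
        self.logical_pages = logical_pages
        self.flash = [None] * (physical_blocks * PAGES_PER_BLOCK)  # raw NAND
        self.free = deque(range(len(self.flash)))  # erased, programmable pages
        self.l2p = {}        # logical page number -> physical page number
        self.stale = set()   # physical pages holding superseded data

    def write(self, lpn, data):
        # No in-place overwrite: program a fresh page, remap, mark old copy stale.
        if not self.free:
            self.garbage_collect()
        ppn = self.free.popleft()
        self.flash[ppn] = data
        if lpn in self.l2p:
            self.stale.add(self.l2p[lpn])
        self.l2p[lpn] = ppn

    def read(self, lpn):
        return self.flash[self.l2p[lpn]] if lpn in self.l2p else None

    def garbage_collect(self):
        # Deferred erase: only blocks whose pages are all stale are reclaimed.
        for start in range(0, len(self.flash), PAGES_PER_BLOCK):
            block = range(start, start + PAGES_PER_BLOCK)
            if all(p in self.stale for p in block):
                for p in block:
                    self.flash[p] = None
                    self.stale.discard(p)
                    self.free.append(p)
        if not self.free:
            raise RuntimeError("toy model out of reclaimable blocks")

def overwrite_pass(ftl, filler=b"\x00" * 16):
    for lpn in range(ftl.logical_pages):  # host rewrites every logical page once
        ftl.write(lpn, filler)

def host_view_contains(ftl, needle):
    return any(needle in (ftl.read(l) or b"") for l in range(ftl.logical_pages))
def raw_chip_contains(ftl, needle):
    # Equivalent of reading the flash chips directly, bypassing the FTL.
    return any(needle in (page or b"") for page in ftl.flash)

def demo():
    ftl = ToyFTL(logical_pages=8, physical_blocks=4)  # 16 physical pages
    secret = b"CONSTRUCTED-SECRET"                    # constructed sample data
    ftl.write(3, secret)
    overwrite_pass(ftl)
    return host_view_contains(ftl, secret), raw_chip_contains(ftl, secret)
```

`demo()` returns `(False, True)`: the host sees only filler, while the stale physical page still holds the original bytes until the model's garbage collector erases that block, which the host cannot schedule.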

David K. Shipler, Can You Frisk a Hard Drive? *The New York Times*,
19 Feb 2011 http://j.mp/geIRBa

My comments:

Anyone who travels internationally with a laptop containing anything
significant beyond the bare necessities for accessing cloud-based data under
password and/or other security controls, is unfortunately simply asking for
trouble.

This holds especially true for the vast majority of travelers -- who have
done nothing wrong -- but may still have their devices' (laptops,
smartphones, etc.) data copied and searched in detail without a warrant or
any indication that they are criminals, terrorists, or even overdue library
book villains.

A laptop similar to Google's CR-48 and a good SSH program (e.g. in a Java
applet), can be an enormous help in this regard.

This website was launched with the goal to publish security related
vulnerabilities found on any social networking platform. In the past the
authors of this website have found lots of security related issues on well
known social networking platform and tried to contact the responsible owners
to provide detailed information on the found issues. During this we got
really frustrated because often there is no secur[e] e-mail available on the
social networking platform which means that we had to try to contact the
website providers via their "normal" help desk or ticketing system. This had
the consequence that in most case we got no answer or it took weeks till we
got any answers. When you initially contacted the vendors and asked for a
public PGP key or s/mime so that we can send the information encrypted, we
often got an answer saying that they don't use PGP or s/mime in their
company and that we should provide them the information via clear-text email
protocol. Some of them even asked us what is a PGP key or even worse - they
sent us their private PGP key (for their luck without the needed password).

I think it's actually pretty clear how mooo.com came to be seized along with
other child porn domains. There must have been trafficking happening on some
of the subdomains created by users underneath mooo.com, and the people
assembling the list of domains to seize categorized the entire second-level
domain, rather than the individual subdomains within it, as a trafficking
domain.

This is not a terribly surprising error. I would imagine that the percentage
of Internet .com domains where subdomains are owned and completely
controlled by different people than the second-level domain is minuscule,
and the community that utilizes such domains tends to be somewhat
self-contained and not familiar to people who aren't part of it.

In hopes of dispelling fears of a federal "Internet kill switch," Senate
homeland security and financial management leaders introduced a
cybersecurity reform bill that would explicitly prohibit the President
from shutting down the Internet.

My minimal legal knowledge is that courts have never accepted photographic
evidence as incontrovertible. They have always required the testimony of
the person who took the photo along with it -- i.e., testify that he/she
took the photo at the place and time alleged, and didn't alter it.

This is an absolutely mandatory source book for everyone interested in the
would-be conflicts represented between and within each side of the "or" in
the title. It is truly remarkable, incisive, important, timely, superbly
researched, and copiously footnoted for those who want to dig even deeper.

Please read it. Of course, as RISKS readers are well aware, at the moment
we seem to have surveillance without security, and without sufficient
controls. However, the challenges of achieving adequate security *and*
legitimate surveillance *and* meaningful privacy (however you might wish to
define them) may be eternally unreachable -- especially in the absence of
security.

Here's a quote from Jonathan Zittrain from the back jacket of the book:

``Susan Landau has taken an exceptionally complex but vital subject and
presented it in a clear and compelling way. The ability of a citizen to
securely communicate with her peers lies at the heart of the rule of law.
Landau demonstrates the necessity of protecting that right amidst the
technological changes that can greatly alter the balance of power between
citizens and governments.''

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.